firefox (SL6)

By Scientific Linux Team on September 12, 2018

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2018:2693-1
Issue Date: 2018-09-12
CVE Numbers: CVE-2017-16541
CVE-2018-12376
CVE-2018-12377
CVE-2018-12378
CVE-2018-12379

This update upgrades Firefox to version 60.2.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
(CVE-2018-12376)

* Mozilla: Use-after-free in driver timers (CVE-2018-12377)

* Mozilla: Use-after-free in IndexedDB (CVE-2018-12378)

* Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541)

* Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379)

SL6
x86_64
firefox-60.2.0-1.el6.x86_64.rpm
firefox-debuginfo-60.2.0-1.el6.x86_64.rpm
firefox-60.2.0-1.el6.i686.rpm
firefox-debuginfo-60.2.0-1.el6.i686.rpm
i386
firefox-60.2.0-1.el6.i686.rpm
firefox-debuginfo-60.2.0-1.el6.i686.rpm

– Scientific Linux Development Team